「开源摘星计划」优麒麟系统(国产)部署Harbor私有镜像仓库服务
Posted 键客李大白
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了「开源摘星计划」优麒麟系统(国产)部署Harbor私有镜像仓库服务相关的知识,希望对你有一定的参考价值。
一、环境描述
随着国产化浪潮的兴起,企业都逐步将服务部署在国产的操作系统上。
本篇文章则在优麒麟20.04
操作系统上部署Harbor 2.6.0
私有镜像仓库服务,其它版本的Harbor亦可参考本文档。关于优麒麟的详细信息可查看: https://www.openkylin.top/
二、主机初始化
2.1 禁用交互分区
$ sudo sed -i / swap / s/^\\(.*\\)$/#\\1/g /etc/fstab
2.2 配置系统软件源
$ sudo sed -i "s@http://.*archive.ubuntu.com@https://mirrors.aliyun.com/@g" /etc/apt/sources.list
$ sudo sed -i "s@http://.*security.ubuntu.com@https://mirrors.aliyun.com/@g" /etc/apt/sources.list
$ sudo apt-get update
$ sudo apt-get install lrzsz wget #lrzsz工具可以在xshell等工具上传/下载文件
2.3 配置docker软件源
配置阿里云的docker-ce
软件源,然后才可以下载安装docker-ce。
1)安装依赖工具
$ sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
2)安装GPG证书
$ curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
3)写入软件源信息
$ sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
4)更新软件源
$ sudo apt-get -y update
2.4 安装docker
$ apt-cache madison docker-ce #查找Docker-CE的版本
$ sudo apt-get -y install docker-ce=[VERSION] #安装指定版本的docker
$ docker version
$ sudo systemctl start --now docker
$ sudo systemctl status docker
2.5 安装docker-compose
$ sudo wget https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64
$ sudo mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
$ ls -l /usr/local/bin/docker-compose
-rwxr-xr-x 1 root root 24707072 1月 7 2022 /usr/local/bin/docker-compose
$ sudo docker-compose version
Docker Compose version v2.2.3
2.6 配置内核参数
$ sudo echo """
kernel.sem = 250 32000 100 128
net.core.netdev_max_backlog = 32768
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.wmem_max = 16777216
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_local_port_range = 32768 65535
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_mem = 94500000 91500000 92700000
net.ipv4.tcp_rmem = 32768 436600 873200
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_wmem = 8192 436600 873200
fs.file-max = 10240000
vm.min_free_kbytes = 4096000
vm.swappiness = 10
net.netfilter.nf_conntrack_max=1000000 """ > /etc/sysctl.conf
$ sudo sysctl -p
2.7 下载Harbor离线安装包
$ sudo wget -c https://github.com/goharbor/harbor/releases/download/v2.6.0/harbor-offline-installer-v2.6.0.tgz
三、安装Harbor
3.1 创建配置文件
将配置文件模板拷贝为配置文件。
$ tar -zxvf harbor-offline-installer-v2.5.3.tgz
$ cd harbor/
$ cp harbor.yml.tmpl harbor.yml
3.2 修改配置
修改配置参数
$ vim harbor.yml
hostname: 192.168.2.26 #修改为主机IP或者域名
http:
port: 80
#https: #本处不使用https安全模式,如果使用需要证书
# port: 443
# certificate: /your/certificate/path
# private_key: /your/private/key/path
3.3 配置注入
将配置文件中的参数注入到各个组件中,然后会自动生成common/config下每个组件的配置文件及认证证书等。
$ sudo docker load -i harbor.v2.5.3.tar.gz #导入镜像(可选,在安装时会自动导入)
$ sudo ./prepare
3.4 安装
$ ./install.sh --help #查看安装参数
$ sudo ./install.sh --with-trivy --with-chartmuseum
出现以下内容则表示安装成功:
✔ ----Harbor has been installed and started successfully.----
3.5 查看Harbor组件服务状态
$ sudo docker-compose ps
NAME COMMAND SERVICE STATUS PORTS
chartmuseum "./docker-entrypoint…" chartmuseum running (healthy)
harbor-core "/harbor/entrypoint.…" core running (healthy)
harbor-db "/docker-entrypoint.…" postgresql running (healthy)
harbor-jobservice "/harbor/entrypoint.…" jobservice running (healthy)
harbor-log "/bin/sh -c /usr/loc…" log running (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal "nginx -g daemon of…" portal running (healthy)
nginx "nginx -g daemon of…" proxy running (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp
redis "redis-server /etc/r…" redis running (healthy)
registry "/home/harbor/entryp…" registry running (healthy)
registryctl "/home/harbor/start.…" registryctl running (healthy)
trivy-adapter "/home/scanner/entry…" trivy-adapter running (healthy)
3.6 访问Harbor UI
在浏览器地址栏输入:http://192.168.2.26:80
用户名:admin
密码:Harbor12345
以上是关于「开源摘星计划」优麒麟系统(国产)部署Harbor私有镜像仓库服务的主要内容,如果未能解决你的问题,请参考以下文章
「开源摘星计划」Harbor日志轮转:从日志优化Harbor性能!
「开源摘星计划」Containerd拉取Harbor中的私有镜像,云原生进阶必备技能